Thanks. This is great. I've spent the past day searching the web and have finally found the answer.
We have an infected machine that attacked some of the files on a server it had rights to.
I'm about to do a clean install of the machine of the infected machine but I'm running the decrypter first to try to recover the 8,500 files in /My Documents/ files that weren't backed up. (Server was okay). The test didn't seem to work on small files (as was reported in posts above) but was okay in large test files.
My "newbie" questions are:
1. Should I delete the malware before I copy off the recovered files? How do I do this?
2. I used a flashdrive to run the "decrypter" on the infected machine. Should I be worried about the flashdrive being "infected"? (I've heard malware doesn't replicate like viruses but I'd like to be sure).
Thanks in advance. I'll send a donation shortly.